Security Enhancement & Solution For Authentication Frame Work in IEEE 802.16
ABSTRACT
WiMAX (Worldwide Interoperability for Microwave Access) is an emerging wireless
technology for the future. The wireless networking market is thriving because of the increasing
popularity of broadband internet. Wireless networks are not completely secure because of the rapid
release of new technologies, the lack of physical infrastructure and market competition. WiMAX is a
new technology that is not yet deployed widely enough to provide evidence of threats, risks and
vulnerabilities in real situations. The authentication process is key to secure access in a wireless
network, and the security sublayer of IEEE 802.16 employs an authenticated client-server key
management protocol in which the Base Station (the server) controls the distribution of keying
material to the Mobile Station (the client). In this paper, an overview of the authentication
framework is discussed first, several threats to the authentication process are then examined, and
finally possible solutions to overcome them are presented.
KEYWORDS
1. INTRODUCTION
WiMAX (Worldwide Interoperability for Microwave Access) opens the door to thousands of
applications that make use of a solid wireless backbone to connect people. Because of its
high data rate, applications will include voice calls, video transfer and many other services.
These applications require a solid, secure medium to exchange and operate on
information safely. This is what the IEEE decided to add to the WiMAX standard in both of its
versions, mobile and fixed broadband wireless access. The WiMAX security process is divided into
three steps:
01. Authentication
02. Data Key exchange
03. Data Encryption
Authentication of users and equipment in the BWA network is done as part of the admission
control process. The authentication phase is carried out during the execution of handoffs in mobile
BWA networks. The authentication and service authorization process is carried out at the
privacy sublayer, embedded in the WiMAX protocol stack [2], [4]. A complete protocol
ensuring secure distribution and management of keying data between network entities is
incorporated in this layer, known as the Privacy and Key Management (PKM) protocol [2]. The launch
of 802.16d in 2004 and 802.16e in 2005 suggests that the standard is in the initial phase of
implementation, and several dormant issues and shortcomings will be highlighted as
deployment and service provisioning progress.
In this paper, I present different security vulnerabilities in the authentication process and possible
solutions to them. The rest of the paper is organized as follows: Section 2 introduces the
existing authentication frameworks, while Section 3 describes the attacks on authentication. In
Section 4, several possible solutions are presented, and Section 5 concludes the paper.
DOI: 10.5121/ijcsit.2010.2607
International Journal of Computer Science & Information Technology (IJCSIT), Vol 2, No 6, December 2010
2. AUTHENTICATION FRAMEWORK
2.1 Privacy & Key Management Protocol version 1
The PKM v1 protocol complies with the 802.16d-2004 standard and operates in Fixed
WiMAX networks [2]. It is a 3-step protocol involving 1-way authentication.
Figure 1 shows the PKM v1 authentication model and the messages involved, including the
information flow between the Subscriber Station and the Base Station. The detailed
operation of PKM v1 can be found in [2], [5] and [6]. PKM v1 is based on an X.509
certificate-based Public Key Infrastructure (PKI). The individual components of the messages
are addressed in [2] and [6]. A nonce (NSS), shown in Step 2, is a randomly generated 64-bit
number used as a message-linking token [5]. The Basic Connection Identity Code (BCID) is
used to identify a particular node in the network. It is assigned to the node during the admission
control process.
3. ATTACK ON AUTHENTICATION
Attacks on authentication can be described by the ways in which a network can be intruded upon
and the privacy of its users compromised. Secure access to network services is becoming an
important issue in present communication infrastructures. If user authorization and
authentication are compromised, an intruder can attempt to register with the network
illegitimately or to create chaos in it. The ways of breaching the authentication
frameworks are termed attacks on the privacy and key management protocols and their variants.
3.4 Interception
Interception is a passive attack on confidentiality in which an intruding entity is able to read the
information sent from the source entity to the destination entity. Eavesdropping and sniffing
are examples of interception attacks. Gathering information about the network
(such as the SSID, the MAC address of the Access Point (AP), and whether
WEP is enabled) is getting easier with the release of several products [4]. Interception can
occur far outside the user's working range by using high-gain antennas (many of which are
standard offerings from some vendors) [5].
3.5 Fabrication
Fabrication is an active attack on authentication in which an intruder pretends to be the source
entity. Fake e-mails and spoofed packets are examples of fabrication attacks. A man-in-the-middle
attack [14] is another example: to execute it, two hosts must
be convinced that the computer in the middle is the other host [6]. Spoofing, brute-force
password attacks and insertion attacks are also examples of fabrication attacks [6].
3.7 Interruption
Interruption is an active attack on availability in which an intruding entity blocks information
sent from the originating entity to the destination entity. Examples are DoS attacks and network flooding.
The intruder may try to exhaust all network bandwidth using ARP flooding, ping broadcasts,
Transmission Control Protocol (TCP) SYN flooding, queue flooding, smurfs, synk4, and other
utilities [6]. Examples of interruption attacks are Denial of Service attacks and rogue networks.
Rogue Networks and Station Redirection: a rogue AP is one owned by an attacker that accepts
station connections and then intercepts traffic, and might also perform man-in-the-middle
attacks before allowing traffic to flow to the proper network [6]. The goal of a rogue is to move
valid traffic off the WLAN onto a wired network for attacking (or to conduct the attack directly
within the rogue AP) and then reinsert the traffic into the proper network [3].
[Figure residue: four-step message flow, Step one SS → ES, Step two ES → BS, Step three BS → ES, Step four ES → SS, each carrying a value of the form r^x mod p, r^y mod p or r^z mod p]
Figure: Man-In-the-Middle attack
The victim SS's public key PKSS is captured by the Evil Station (ES). The ES masquerades as the SS
and sends its own public key PKES to the BS; the serving BS then sends back its public key PKBS, at
which point the ES can establish a shared key with the BS. Finally, the ES sends its own public key
PKES to the victim SS and establishes a shared key with the SS [14]. Consequently, all the messages
that the victim SS sends to the BS are relayed by the ES, and the encryption keys are known to the ES.
Thus, the ES can eavesdrop on and tamper with all these messages. To resist man-in-the-middle attacks
in this procedure, a secure authentication process is needed.
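The exchange described above, simulated as an added example that is not code from the paper: it assumes the public keys are Diffie-Hellman values of the form r^x mod p (as the figure labels suggest), with a toy modulus `P`, an assumed base `R = 3`, and a hypothetical `transcript` hash standing in for the authenticated check the text calls for.

```python
import hashlib
import secrets

P = 2**127 - 1   # toy prime modulus (assumption; far too small for real use)
R = 3            # base "r" from the figure (the value 3 is an assumption)

class Party:
    def __init__(self, name):
        self.name = name
        self.secret = secrets.randbelow(P - 3) + 2
        self.public = pow(R, self.secret, P)          # r^x mod p

    def shared_key(self, peer_public):
        return pow(peer_public, self.secret, P)

def transcript(a_pub, b_pub):
    """Hash of the two public values as one endpoint saw them (order-independent)."""
    lo, hi = sorted((a_pub, b_pub))
    return hashlib.sha256(f"{lo}:{hi}".encode()).hexdigest()

def run_exchange(relay_present):
    ss, bs, es = Party("SS"), Party("BS"), Party("ES")
    # The value each endpoint receives as "the peer's public key".
    seen_by_bs = es.public if relay_present else ss.public   # steps one and two
    seen_by_ss = es.public if relay_present else bs.public   # steps three and four
    k_ss = ss.shared_key(seen_by_ss)
    k_bs = bs.shared_key(seen_by_bs)
    return {
        "keys_match": k_ss == k_bs,
        "es_knows_ss_key": es.shared_key(ss.public) == k_ss,
        "es_knows_bs_key": es.shared_key(bs.public) == k_bs,
        # What an authenticated comparison of both views would reveal.
        "transcripts_match": transcript(ss.public, seen_by_ss)
                             == transcript(seen_by_bs, bs.public),
    }

if __name__ == "__main__":
    print("direct :", run_exchange(False))
    print("relayed:", run_exchange(True))
```

With the relay present, SS and BS hold different keys that ES shares with each of them, and only the transcript comparison exposes the substitution, which is why the public values have to be bound to an authenticated identity.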
4. PROPOSED SOLUTIONS
4.1 Secure Authentication process by using Timestamp model
Time stamping (T.S) is the process of securely keeping track of the creation and modification
time of a document. Here security means that once the document has been recorded, no one is
able to change it, provided that the time stamper's integrity is never compromised. The
technique is based on hash functions and digital signatures. First, a hash is calculated from the
data. A hash is a sort of digital fingerprint of the original data: a string of bits that is
different for each set of data. If the original data is changed, the hash will also change. Anyone
trusting the time stamper can then verify that the document was not created after the date
that the time stamper vouches for, and it can no longer be repudiated that the requester of the
time stamp was in possession of the original data at the time given by the time stamp.
2. The B.S generates the hash (H1) of the data and sends it to the M.S.
3. The M.S adds its T.S to H1 and generates the hash H2. H2 is then encrypted with the private
key of the M.S. The encrypted H2 and the T.S of the M.S are sent to the B.S.
4. The B.S adds its data to the T.S of the M.S and generates the hash H3. H2 (which was
encrypted with the private key of the M.S) is decrypted with the public key of the M.S. If H3 = H2,
communication continues; otherwise the communication is ceased
immediately.
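Steps 2 to 4 worked through as an added example, not code from the paper. It reads H3 as hash(H1 + T.S) so that it can equal H2, uses toy textbook RSA for "encrypt with the private key", and adds a freshness window as an assumption; `keypair`, `ms_respond`, `bs_verify` and `window` are hypothetical names.

```python
import hashlib

# Toy textbook RSA (no padding, Mersenne primes): illustration only, NOT secure.
P, Q, E = 2**127 - 1, 2**521 - 1, 65537

def keypair(p=P, q=Q, e=E):
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))    # (public, private)

def h(*parts):
    return hashlib.sha256(b"".join(parts)).digest()

def ms_respond(h1, ms_priv, now):
    """Step 3: M.S hashes H1 with its T.S, then applies its private key to H2."""
    ts = str(now).encode()
    h2 = h(h1, ts)
    n, d = ms_priv
    return pow(int.from_bytes(h2, "big"), d, n), ts

def bs_verify(data, enc_h2, ts, ms_pub, now, window=5):
    """Step 4: B.S recomputes H3 and compares it with H2 recovered via the public key."""
    if not ts.isdigit() or abs(now - int(ts)) > window:
        return False                     # assumed freshness rule, not stated in the steps
    n, e = ms_pub
    h3 = h(h(data), ts)                  # H1 = hash(data); H3 = hash(H1 + T.S)
    return pow(enc_h2, e, n) == int.from_bytes(h3, "big")

if __name__ == "__main__":
    pub, priv = keypair()
    data = b"constructed authorization data"         # constructed sample input
    enc_h2, ts = ms_respond(h(data), priv, now=1000)  # step 2 gives H1 = h(data)
    print("fresh, untouched :", bs_verify(data, enc_h2, ts, pub, now=1002))
    print("T.S altered      :", bs_verify(data, enc_h2, b"1001", pub, now=1002))
    print("replayed later   :", bs_verify(data, enc_h2, ts, pub, now=1100))
```

Without the freshness window, a recorded (encrypted H2, T.S) pair would still verify when presented again later, since nothing else in steps 2 to 4 ties the response to the current session.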
5. CONCLUSION
The IEEE 802.16e based WiMAX network provides a better security architecture than
802.16d and secures the wireless transmission using
components such as X.509 certificates, PKMv2, security associations, encryption
methods and the encapsulation protocol. However, it still lacks a complete security
solution because of certain unsecured MAC management messages and several attacks on
the authentication protocol. Moreover, the mesh network is not analyzed clearly. In this
paper I present several solutions to the authentication vulnerabilities, based on
time stamping, hash functions, digital signatures, a hybrid (time stamp and nonce) approach and
visual cryptography.
In WiMAX, both layers are exposed to threats. Interleaving and Man-In-The-Middle
attacks are considered the major threats to the PHY layer, while eavesdropping on
management messages, masquerading, management message modification and DoS
attacks are treated as the principal threats to the MAC layer. Some of these issues have been
fixed with the adoption of recent amendments and security solutions in IEEE 802.16,
but some still exist and need to be considered carefully. WiMAX does offer much
stronger security solutions than other wireless technologies such as
Bluetooth or Wireless Fidelity, but it is still under development and needs more research
on its security vulnerabilities.
REFERENCES
[1] A.K.M. Nazmus Sakib, Dr. Muhammad Ibrahim Khan, Mir Md. Saki Kowsar, "IEEE 802.16e
Security Vulnerability: Analysis & Solution", October 2010, Volume 10 Issue 13 Version 1.
[2] IEEE Computer Society and the IEEE Microwave Theory and Techniques Society, "802.16 IEEE
Standard for Local and Metropolitan Area Networks", Part 16: "Air Interface for Fixed Broadband Wireless
Access Systems", June 2004.
[3] IEEE Std. 802.16e/D12, "IEEE Standard for Local and Metropolitan Area Networks", Part 16: "Air
Interface for Fixed and Mobile Broadband Wireless Access Systems", IEEE Press, 2005.
[4] Jeffrey G. Andrews, Arunabha Ghosh, Rias Muhamed, "Fundamentals of WiMAX: Understanding
Broadband Wireless Networking", Chapter 9: "MAC Layer of WiMAX", Pearson Education Prentice
Hall, 2007. ISBN (PDF) 0-13-222552-2.
[5] R. M. Hashmi et al., "Improved Secure Network Authentication Protocol (ISNAP) for IEEE 802.16",
Proceedings of 3rd IEEE International Conference on Information and Communication Technologies,
August 2009.
[6] Sen Xu, Manton Matthews, Chin-Tser Huang, "Security issues in privacy and key management
protocols of IEEE 802.16", 44th annual Southeast regional conference, pp. 113-118, ISBN 1-59593-315-8,
2006.
[7] Ayesha Altaf, M. Younus Javed, Attiq Ahmed, "Security Enhancements for Privacy and Key
Management Protocol in IEEE 802.16e-2005", 9th ACIS International Conference on Software
Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing, pp. 335-339, 2008.
[8] Sen Xu, Chin-Tser Huang, "Attacks on PKM Protocols of IEEE 802.16 and Its Later Versions",
Computer Science and Engineering Department, University of South Carolina, Columbia, September
2006.
[9] Gavin Lowe, "A Family of Attacks upon Authentication Protocols", Department of Mathematics and
Computer Science, University of Leicester, January 1997.
[10] Michel Barbeau, "WiMax/802.16 Threat Analysis", School of Computer Science, Carleton
University, Ontario, Canada, October 2005.
[11] Hao Zhou, Amaresh V. Malipatil and Yih-Fang Huang, "Synchronization issues in OFDM systems",
Circuits and Systems, IEEE-APCCAS, pp. 988-991, 2006.
[12] Li Gong, "A Security Risk of depending on Synchronized Clocks", ORA Corporation and Cornell
University, September 24, 1991. David Johnston, Jesse Walker, "Overview of IEEE 802.16 Security",
IEEE Security & Privacy, June 2004.
[13] Perumalraja Rengaraju, Chung-Horng Lung, Yi Qu, Anand Srinivasan, "Analysis on Mobile
WiMAX Security", IEEE TIC-STH 2009.
[14] Mir Md. Saki Kowsar, Muhammad Sakibur Rahman, "WiMAX Security Analysis and
Enhancement", Department of Computer Science and Engineering, Chittagong University of Engineering
and Technology, Chittagong-4349, Bangladesh.
Authors